NANOG Meeting Presentation Abstract

Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
Meeting: NANOG67
Date / Time: 2016-06-13 3:00pm - 5:00pm
Room: Gold Room (2nd Floor)
Presenters: Moderators:

Sandra Murphy, Parsons, Inc.

Sandra Murphy has been working in security for distributed systems, particularly routing systems, for two decades. She has been an active NANOG participant since NANOG33 and has been working on the RPKI based security solution for BGP in the IETF, NANOG, and RIR communities. She is co-chair of the SIDR working group in the IETF.

Doug Montgomery, National Institute of Standards and Technology (NIST)

Manager of the Internet and Scalable Systems Metrology Group within the Information Technology Laboratory (ITL) of the National Institute of Standards and Technology (NIST). In that role I provide technical leadership to NIST's current research and standardization efforts in Internet Infrastructure Protection (e.g., Naming and Routing Security, Internet Protocol security); scalable addressing and routing technologies (e.g., IPv6, new routing architectures); and measurement, modeling and analysis of macroscopic behaviors (e.g., complex systems analysis) within the Internet system.
Panelists:

Tony Tauber, Comcast

In his role as Distinguished Engineer at Comcast, Tony focuses on Backbone and Core network architecture and engineering with particular attention to measurement, manageability, and automation. He also partners with the research and education communities on projects and currently chairs the NANOG Program Committee. In the past Tony held senior network engineering positions at BBN, GTE Internetworking, Genuity, Level3, and MIT Lincoln Lab as well as served as co-chair of the Routing Protocol Security working group in the IETF.

Rick Mayberry, Microsoft

My passion is primarily around securing large networks and, for the majority of my career, I’ve worked for Internet Service Providers (ISP). My secondary interests are network engineering and network technology, cloud and virtualization, measuring security program effectiveness and enabling product teams to build secure products through repeatable processes, patterns and shared services (security architecture). I am not your typical counter-culture, paranoid, policy or compliance security professional. I believe security is just another delivery organization within larger IT/Engineering. I believe a security organization should deliver horizontal shared services that can be leveraged by other IT initiatives and accelerate product or service delivery. I also am a strong believer that security is a means to increased availability – especially within a service provider environment.

John Scudder, Juniper Networks

John Scudder is a Distinguished Engineer at Juniper Networks. He has worked in the Internet industry since 1990, when he joined the Internet Engineering team at Merit Network, Inc, doing network engineering and support for the NSFNET. Since then he has worked at a variety of Internet companies, large and small. His interests include routing protocols, particularly BGP, and routing security. He co-chairs the IETF IDR (which standardizes BGP and its extensions) and SPRING (segment routing) working groups, and is a past co-chair of the IETF Routing Area working group. John's first NANOG was in 1990 or so, when it was still called Regional-Techs.

Thomas King

Thomas King was Head of the Research & Development department at DE-CIX until the end of 2015. In 2016, he was promoted to the newly created position of CIO of DE-CIX.

Henk Steenman, AMS-IX

Henk Steenman has been CTO at AMS-IX since the end of 2001.

Greg Hankins, Nokia

Greg Hankins has been attending NANOG since 1998, first as a network operator and now as a hardware vendor. He also attends APRICOT, Euro-IX, various Peering Forums, RIPE, and regional operator conferences where he frequently speaks on network technology and operational topics. Greg currently works as a Senior Product Manager for Nokia.

Mark Kosters, ARIN

Mark Kosters is the CTO of the American Registry for Internet Numbers (ARIN), responsible for all engineering initiatives within the organization, leading both development and operations. Mark has over twenty-seven years of experience as an applications developer, networking engineer, technical manager and executive. Over the last twenty-two years, he has been a senior engineer at Data Defense Network (DDN) NIC, chief engineer and Principal Investigator under the NSF-sponsored Internet NIC (InterNIC), Vice President of Research at VeriSign, and now CTO of ARIN. Over his career, Mark has been involved in application design and implementation of core internet client/server tools, router administration, UNIX system administration, database administration, and network security. He has represented both network information centers in various technical forums such as the IETF, RIPE, APNIC, CaribNOG and NANOG.
Arjun Sreekantiah, Cisco.

Keyur Patel, Cisco

Keyur Patel is a Distinguished Engineer at Cisco with a focus on BGP routing. Keyur is the architect for the Cisco IOS BGP origin AS validation feature and a key contributor on the standardization process in the IETF. Keyur has 6 published RFCs and more than 30 working documents in this area.

Matthias Wählisch, Freie Universitaet Berlin

Matthias Wählisch is a senior research scientist at Freie Universität Berlin, heading the research activities on Internet technologies. His research and teaching focus on efficient, reliable, and secure Internet communication. This includes the design and evaluation of networking protocols and architectures, as well as Internet measurements and analysis. His efforts are driven by transforming solid research into practice, trying to improve Internet-based communication. In addition to scientific contributions, Matthias is also involved in the IETF, where he co-authored several Internet drafts and six RFCs. He also co-founded several open source projects such as RTRlib and RPKI MIRO.
Abstract: Malicious BGP route hijacks and accidental mis-originations continue to threaten the security and robustness of the global Internet. Over the last several years the IETF, RIRs, router vendors, and researchers have developed and implemented an approach to BGP origin validation based upon a global resource public key infrastructure (RPKI) that permits operators anywhere in the Internet to detect unauthorized route announcements and implement local policies to mitigate (e.g., filter) these events.

This track will examine the current state of RPKI Origin Validation (ROV) technologies: products, services, implementations, configurations, and tool sets that could be useful to operators in planning, deploying, and monitoring ROV use in their networks. Actual operational experiences with ROV deployment will be described as well as issues that need to be addressed to further operational deployment.

1. RPKI Introduction
Doug Montgomery / Sandy Murphy
2. RPKI hosted services
Mark Kosters, CTO ARIN
3. RPKI Implementations
Doug Montgomery / Sandy Murphy
4. Router Vendor Implementations
Cisco / Juniper / Alcatel Greg Hankins
5. RPKI Test, Training, Monitoring, Management tools.
Matthias Wählisch, Doug Montgomery, Sandy Murphy
6. Deployment Experiences Panel (30 min)
JR Mayberry/Microsoft, Tony Tauber/Comcast, Thomas King/DE-CIX
Files: Hankins (PDF)
King (PDF)
Kosters (PDF)
Mayberry (PDF)
Montgomery_Murphy (PDF)
Patel (PDF)
Scudder (PDF)
Steenman (PDF)
Wählisch (PDF)
YouTube: Track: Practical BGP Origin Validation using RPKI: Vendor Support, Signing and Validation Services, and Operational Experience
Sponsors: None.

NANOG67 Abstracts

  • Conference Opening
    Moderators:
    Daniel Golding, NANOG Board, Google
    Speakers:
    Peter Jacoby, RCN; L Sean Kennedy, XO Communications; Don MacNeil; Jay Borkenhagen.
  • DNS Track
    Speakers:
    edward lewis, ICANN; Duane Wessels, Verisign; Kazunori Fujiwara, JPRS; Casey Deccio, Verisign Labs; Yacin Nadji.
  • Security Track
    Speakers:
    John Kristoff, DePaul University; Christoph Dietzel.
    Ryan Haley.
    Jelena Mirkovic.